Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

apigateway_service.py causing "TooManyRequestsException" error #5517

Open
jonathanbro opened this issue Oct 24, 2024 · 4 comments
Open

apigateway_service.py causing "TooManyRequestsException" error #5517

jonathanbro opened this issue Oct 24, 2024 · 4 comments
Assignees
@MrCloudSec
Labels
bug provider/aws Issues/PRs related with the AWS provider severity/low Bug won't result in any noticeable breakdown of the execution.

Comments

@jonathanbro
Copy link
Contributor

jonathanbro commented Oct 24, 2024
edited
Loading

Steps to Reproduce

  1. Run Prowler as per the instructions here https://github.com/prowler-cloud/prowler/tree/master/contrib/aws/multi-account-securityhub.

Expected behavior

Prowler should successfully audit our API Gateway service.

Actual Result with Screenshots or Logs

Screenshot 2024-10-24 at 07 26 18

How did you install Prowler?

Docker (docker pull toniblyx/prowler)

Environment Resource

  1. ECS Fargate

OS used

N/A

Prowler version

4.5.0

Pip version

N/A

Context

You will see from the screenshots Prowler cannot successfully run apigateway_service.py. I have tried lowering the max retries to 1 but that didn't help.
@jonathanbro jonathanbro added bug status/needs-triage Issue pending triage labels Oct 24, 2024
@jonathanbro jonathanbro changed the title apigateway_service.py causing "TooManyRequestsException" error, resulting in a 1XX "Killed" message and fails to audit the AWS account. apigateway_service.py causing "TooManyRequestsException" error, resulting in a 1XX "Killed" message, failing to send findings to AWS Security Hub Oct 24, 2024
@jonathanbro jonathanbro changed the title apigateway_service.py causing "TooManyRequestsException" error, resulting in a 1XX "Killed" message, failing to send findings to AWS Security Hub apigateway_service.py causing "TooManyRequestsException" error Oct 24, 2024
@MrCloudSec
Copy link
Member

Hi @jonathanbro, that's the way AWS manage the API throttling, you can try to avoid the with --aws-retries-max-attempts 1, more info here.
Let us know if that works for you!

@MrCloudSec MrCloudSec self-assigned this Oct 24, 2024
@MrCloudSec MrCloudSec added severity/low Bug won't result in any noticeable breakdown of the execution. provider/aws Issues/PRs related with the AWS provider and removed status/needs-triage Issue pending triage labels Oct 24, 2024
@jonathanbro
Copy link
Contributor Author

Hey @sergargar thanks for the update! Yep I tried that and it didn't help :(

@jonathanbro
Copy link
Contributor Author

If there's nothing we feel we can do, please close the issue :)

@jfagoagas
Copy link
Member

Hello @jonathanbro, I think this time there is little we can do since it is AWS who is rate-limiting the API. As @MrCloudSec mention, we can configure retry attempts but if the API is still rate limiting we can recommend you the following:

  • Add more delay between scans focusing the rate-limited APIs
  • Review your internal usage for the rate-limited APIs
  • Talk with the AWS support team to see if they can increase API limits for your use case.

I apologise but at this time I can't think of more options.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@MrCloudSec MrCloudSec

Labels
bug provider/aws Issues/PRs related with the AWS provider severity/low Bug won't result in any noticeable breakdown of the execution.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@jfagoagas @MrCloudSec @jonathanbro